Google Cloud is making a significant move to enhance security measures for its users by implementing mandatory multifactor authentication (MFA) on all Google Cloud accounts. This decision comes as a response to the increasing threat of phishing and data theft, with Google Cloud’s Mandiant identifying these as the primary attack vectors affecting cloud environments.

According to a blog post by Google on November 5, the Cybersecurity and Infrastructure Security Agency (CISA) found that implementing MFA makes users 99% less likely to be hacked. With this statistic in mind, Google is taking proactive steps to safeguard its users by requiring the use of MFA for sign-on on all Google Cloud accounts by the end of 2025.

While this new requirement will be mandatory for all Google Cloud users, it will not apply to owners of Google’s general consumer accounts. The company acknowledges that 70% of Google users have already enabled MFA, but aims to increase this number to ensure comprehensive protection against cyber threats.

In order to facilitate a smooth transition for users, Google will be rolling out the MFA requirement in three phases. The first phase, starting from November 2024, will involve encouraging MFA adoption through reminders and information in the Google Cloud console, along with resources to help users plan the rollout and enable MFA. The second phase, set to begin in early 2025, will make MFA mandatory for all new and existing Google Cloud users who sign in with a password. The final phase, scheduled for the end of 2025, will extend the MFA requirement to all users who federate authentication into Google Cloud.

For Google Cloud federated users, there will be flexible options available to meet the third phase requirement. Users can choose to enable MFA with their primary identity provider before accessing Google Cloud, or add an extra layer of MFA through their Google account if they prefer to use the system provided by Google. This approach aims to give users the freedom to select the MFA method that best suits their needs and preferences.

Google has a history of emphasizing the importance of security, having introduced two-factor authentication in 2011 with its 2-Step Verification feature, and implementing passkeys through the ‘Security Keys for Google Accounts’ scheme in 2014. In 2023, Google made passkeys the default sign-in option, further enhancing security measures for its users.

Overall, Google’s decision to implement mandatory MFA on all Google Cloud accounts reflects its commitment to prioritizing user security and protecting against evolving cyber threats. By encouraging the adoption of MFA and providing flexible options for users, Google aims to create a safer and more secure environment for its cloud users worldwide.

Link na izvor